Detections
Analytics

OracleVM 3.4 : kernel-uek (OVMSA-2023-0007)

medium Nessus Plugin ID 174014

Language:

Synopsis

The remote OracleVM host is missing one or more security updates.

Description

The remote OracleVM system is missing necessary patches to address security updates:

 - The mincore() implementation in mm/mincore.c in the Linux kernel through 4.19.13 allowed local attackers to observe page cache access patterns of other processes on the same system, potentially allowing sniffing of secret information. (Fixing this affects the output of the fincore program.) Limited remote exploitation may be possible, as demonstrated by latency differences in accessing public files from an Apache HTTP Server. (CVE-2019-5489)

 - In uvc_scan_chain_forward of uvc_driver.c, there is a possible linked list corruption due to an unusual root cause. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-111893654References: Upstream kernel (CVE-2020-0404)

 - A NULL pointer dereference flaw was found in rawv6_push_pending_frames in net/ipv6/raw.c in the network subcomponent in the Linux kernel. This flaw causes the system to crash. (CVE-2023-0394)

 - A memory corruption flaw was found in the Linux kernel's human interface device (HID) subsystem in how a user inserts a malicious USB device. This flaw allows a local user to crash or potentially escalate their privileges on the system. (CVE-2023-1073)

 - A memory leak flaw was found in the Linux kernel's Stream Control Transmission Protocol. This issue may occur when a user starts a malicious networking service and someone connects to this service. This could allow a local user to starve resources, causing a denial of service. (CVE-2023-1074)

 - In nf_tables_updtable, if nf_tables_table_enable returns an error, nft_trans_destroy is called to free the transaction object. nft_trans_destroy() calls list_del(), but the transaction was never placed on a list
 -- the list head is all zeroes, this results in a NULL pointer dereference. (CVE-2023-1095)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected kernel-uek / kernel-uek-firmware packages.

See Also

https://linux.oracle.com/cve/CVE-2019-5489.html

https://linux.oracle.com/cve/CVE-2020-0404.html

https://linux.oracle.com/cve/CVE-2023-0394.html

https://linux.oracle.com/cve/CVE-2023-1073.html

https://linux.oracle.com/cve/CVE-2023-1074.html

https://linux.oracle.com/cve/CVE-2023-1095.html

https://linux.oracle.com/errata/OVMSA-2023-0007.html

Plugin Details

Severity: Medium

ID: 174014

File Name: oraclevm_OVMSA-2023-0007.nasl

Version: 1.1

Type: local

Published: 4/7/2023

Updated: 5/25/2023

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Low

Base Score: 2.1

Temporal Score: 1.6

Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N

CVSS Score Source: CVE-2019-5489

CVSS v3

Risk Factor: Medium

Base Score: 6.6

Temporal Score: 5.9

Vector: CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

CVSS Score Source: CVE-2023-1073

Vulnerability Information

CPE: p-cpe:/a:oracle:vm:kernel-uek, p-cpe:/a:oracle:vm:kernel-uek-firmware, cpe:/o:oracle:vm_server:3.4

Required KB Items: Host/local_checks_enabled, Host/OracleVM/release, Host/OracleVM/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 4/5/2023

Vulnerability Publication Date: 1/7/2019

Reference Information

CVE: CVE-2019-5489, CVE-2020-0404, CVE-2023-0394, CVE-2023-1073, CVE-2023-1074, CVE-2023-1095